Risk Assurance

Risk Assurance covers all risk services where EY is providing independent assurance and the preparation towards assurance to our clients where the assurance can be used by our clients to build confidence and trust with their customers, the general market/public, key stakeholders or when regulatory (by law or oversight) or contractually required.

We can help with:

Working with Audit professionals to help create trust and confidence in their financial reporting and internal control over financial reporting

Business growth, by providing assurance to clients and other stakeholders related to internal controls

Business improvement, by assessing risks and controls related to business imperatives, such as launching new products/services, implementing new technologies or remediating control issues

Providing industry/sector insights and thought leadership with a focus on risk and control matters

How we can help

Companies, investors and other stakeholders rely on our independent assessment services to make business decisions. We provide an unbiased assessment of the risks and the effectiveness of related controls.

Service Organizations Control Reporting (SOCR)

We provide the preparation towards assurance and confidence to external stakeholders — in line with applicable assurance standards like SOC1, SOC2, ISAE3402 and others.

Our SOCR services are designed to help service organizations:

Build trust and confidence for organizations that operate information systems and provide business process services supporting financial reporting in the delivery processes and controls through a report they can deliver to their clients and client's external auditors.

To meet the needs of a broad range of users who require information and assurance about the controls that affect the security, privacy, confidentiality, availability, and processing integrity of the systems.

Example offerings:

Service Organization Control reporting according to AICPA SSAE 16 (SOC 1) or ISAE 3402 or AICPA AT101 (SOC 2 or SOC 3), etc.

ISO management system certification

Providing an accredited attestation statement intended for the general public on the quality of an implemented management system in accordance with the respective ISO standard (like ISO27001, ISO20000 and ISO14001), or helping an organization prepare to obtain one.

The ISO Certification service is aimed at providing implementation of and actual certification according to ISO standards and other similar frameworks. Certification is done through a separate EY-owned company called EY CertifyPoint.

Example offerings:

Management system implementation or certification (under accreditation) in the area of Information Security (ISO27001), Quality (ISO9001), IT Service Management (ISO20000), Business Continuity Management (ISO22301), Environmental Management (ISO14001)

Financial Audit IT Integration

The execution of IT-related audit procedures in support of financial statement audits and reporting on internal control over financial reporting

This service contains the execution of IT-related audit procedures (including IT-related procedures beyond ITGCs) in support of financial statement audits and reporting on internal control over financial reporting (Integrated and Non-Integrated audits). Our balance of experience and skills in IT and business processes supports our Assurance practice in delivering audits.

Example offerings:

IT General controls testing

Application and IT dependent controls testing

Electronic audit evidence testing

Regulatory Compliance

We can provide support as well as an assessment to the board of directors and senior management with respect to regulatory compliance.

We help organizations to manage regulatory compliance risks and help organizations to prevent claims, penalties, fines and litigation from their regulatory bodies (law or oversight).

Example offerings:

Develop compliance management framework

Regulatory compliance tool implementation

Specific compliance assessments (HIPAA, FCPA, FDA/GxP)

Contractual Compliance

We provide support as well as an assessment to the board of directors and senior management with respect to regulatory or contractual compliance.

Our services are aimed at providing an assessment to the board of directors and senior management with respect to contractual compliance. We help organizations to manage their contractual compliance risks and help organizations to prevent claims, penalties, fines and litigation from their contracting parties.

Example offerings:

Software license management

Vendor risk services

Contact us

EY-Ole-Halfpap-Biography

Latest thinking

EY refers to the global organization of member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.